github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

features: rename UserNamespacesStatelessPodsSupport

Browse Source 
now it is called UserNamespacesSupport since all kind of volumes are
supported.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2023-06-22 15:18:22 +02:00
parent 556d713a4a
commit 531d38e323
7 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/pod/util.go
View File

@@ -477,7 +477,7 @@ func dropDisabledFields(
} }
// If the feature is disabled and not in use, drop the hostUsers field. // If the feature is disabled and not in use, drop the hostUsers field.
if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) && !hostUsersInUse(oldPodSpec) { if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) && !hostUsersInUse(oldPodSpec) {
// Drop the field in podSpec only if SecurityContext is not nil. // Drop the field in podSpec only if SecurityContext is not nil.
// If it is nil, there is no need to set hostUsers=nil (it will be nil too). // If it is nil, there is no need to set hostUsers=nil (it will be nil too).
if podSpec.SecurityContext != nil { if podSpec.SecurityContext != nil {

2
pkg/api/pod/util_test.go
View File

@@ -1700,7 +1700,7 @@ func TestDropHostUsers(t *testing.T) {
} }
t.Run(fmt.Sprintf("feature enabled=%v, old pod %v, new pod %v", enabled, oldPodInfo.description, newPodInfo.description), func(t *testing.T) { t.Run(fmt.Sprintf("feature enabled=%v, old pod %v, new pod %v", enabled, oldPodInfo.description, newPodInfo.description), func(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.UserNamespacesStatelessPodsSupport, enabled)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.UserNamespacesSupport, enabled)()
DropDisabledPodFields(newPod, oldPod) DropDisabledPodFields(newPod, oldPod)

4
pkg/features/kube_features.go
View File

@@ -793,7 +793,7 @@ const (
// alpha: v1.25 // alpha: v1.25
// //
// Enables user namespace support for stateless pods. // Enables user namespace support for stateless pods.
UserNamespacesStatelessPodsSupport featuregate.Feature = "UserNamespacesStatelessPodsSupport" UserNamespacesSupport featuregate.Feature = "UserNamespacesSupport"
// owner: @cofyc // owner: @cofyc
// alpha: v1.21 // alpha: v1.21
@@ -1058,7 +1058,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
VolumeCapacityPriority: {Default: false, PreRelease: featuregate.Alpha}, VolumeCapacityPriority: {Default: false, PreRelease: featuregate.Alpha},
UserNamespacesStatelessPodsSupport: {Default: false, PreRelease: featuregate.Alpha}, UserNamespacesSupport: {Default: false, PreRelease: featuregate.Alpha},
WinDSR: {Default: false, PreRelease: featuregate.Alpha}, WinDSR: {Default: false, PreRelease: featuregate.Alpha},

2
pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
View File

@@ -55,7 +55,7 @@ func (m *kubeGenericRuntimeManager) applyPlatformSpecificContainerConfig(config
} }
config.Linux = cl config.Linux = cl
if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.UserNamespacesStatelessPodsSupport) { if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.UserNamespacesSupport) {
if cl.SecurityContext.NamespaceOptions.UsernsOptions != nil { if cl.SecurityContext.NamespaceOptions.UsernsOptions != nil {
for _, mount := range config.Mounts { for _, mount := range config.Mounts {
mount.UidMappings = cl.SecurityContext.NamespaceOptions.UsernsOptions.Uids mount.UidMappings = cl.SecurityContext.NamespaceOptions.UsernsOptions.Uids

8
pkg/kubelet/userns/userns_manager.go
View File

@@ -142,7 +142,7 @@ func MakeUserNsManager(kl userNsPodsManager) (*UsernsManager, error) {
} }
// do not bother reading the list of pods if user namespaces are not enabled. // do not bother reading the list of pods if user namespaces are not enabled.
if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) { if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
return &m, nil return &m, nil
} }
@@ -258,7 +258,7 @@ func (m *UsernsManager) record(pod types.UID, from, length uint32) (err error) {
// Release releases the user namespace allocated to the specified pod. // Release releases the user namespace allocated to the specified pod.
func (m *UsernsManager) Release(podUID types.UID) { func (m *UsernsManager) Release(podUID types.UID) {
if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) { if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
return return
} }
@@ -367,7 +367,7 @@ func (m *UsernsManager) createUserNs(pod *v1.Pod) (userNs userNamespace, err err
// GetOrCreateUserNamespaceMappings returns the configuration for the sandbox user namespace // GetOrCreateUserNamespaceMappings returns the configuration for the sandbox user namespace
func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod) (*runtimeapi.UserNamespace, error) { func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod) (*runtimeapi.UserNamespace, error) {
if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) { if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
return nil, nil return nil, nil
} }
@@ -427,7 +427,7 @@ func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod) (*runtimea
// allocations with the pods actually running. It frees any user namespace // allocations with the pods actually running. It frees any user namespace
// allocation for orphaned pods. // allocation for orphaned pods.
func (m *UsernsManager) CleanupOrphanedPodUsernsAllocations(pods []*v1.Pod, runningPods []*kubecontainer.Pod) error { func (m *UsernsManager) CleanupOrphanedPodUsernsAllocations(pods []*v1.Pod, runningPods []*kubecontainer.Pod) error {
if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) { if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
return nil return nil
} }

4
pkg/kubelet/userns/userns_manager_test.go
View File

@@ -40,7 +40,7 @@ func (m *testUserNsPodsManager) ListPodsFromDisk() ([]types.UID, error) {
} }
func TestUserNsManagerAllocate(t *testing.T) { func TestUserNsManagerAllocate(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesStatelessPodsSupport, true)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
testUserNsPodsManager := &testUserNsPodsManager{} testUserNsPodsManager := &testUserNsPodsManager{}
m, err := MakeUserNsManager(testUserNsPodsManager) m, err := MakeUserNsManager(testUserNsPodsManager)
@@ -90,7 +90,7 @@ func TestUserNsManagerAllocate(t *testing.T) {
} }
func TestUserNsManagerParseUserNsFile(t *testing.T) { func TestUserNsManagerParseUserNsFile(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesStatelessPodsSupport, true)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
cases := []struct { cases := []struct {
name string name string

8
test/e2e/common/node/security_context.go
View File

@@ -72,7 +72,7 @@ var _ = SIGDescribe("Security Context", func() {
} }
} }
ginkgo.It("must create the user namespace if set to false [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) { ginkgo.It("must create the user namespace if set to false [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
// with hostUsers=false the pod must use a new user namespace // with hostUsers=false the pod must use a new user namespace
podClient := e2epod.PodClientNS(f, f.Namespace.Name) podClient := e2epod.PodClientNS(f, f.Namespace.Name)
@@ -110,7 +110,7 @@ var _ = SIGDescribe("Security Context", func() {
} }
}) })
ginkgo.It("must not create the user namespace if set to true [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) { ginkgo.It("must not create the user namespace if set to true [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
// with hostUsers=true the pod must use the host user namespace // with hostUsers=true the pod must use the host user namespace
pod := makePod(true) pod := makePod(true)
// When running in the host's user namespace, the /proc/self/uid_map file content looks like: // When running in the host's user namespace, the /proc/self/uid_map file content looks like:
@@ -121,7 +121,7 @@ var _ = SIGDescribe("Security Context", func() {
}) })
}) })
ginkgo.It("should mount all volumes with proper permissions with hostUsers=false [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) { ginkgo.It("should mount all volumes with proper permissions with hostUsers=false [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
// Create all volume types supported: configmap, secret, downwardAPI, projected. // Create all volume types supported: configmap, secret, downwardAPI, projected.
// Create configmap. // Create configmap.
@@ -245,7 +245,7 @@ var _ = SIGDescribe("Security Context", func() {
}) })
}) })
ginkgo.It("should set FSGroup to user inside the container with hostUsers=false [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) { ginkgo.It("should set FSGroup to user inside the container with hostUsers=false [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
// Create configmap. // Create configmap.
name := "userns-volumes-test-" + string(uuid.NewUUID()) name := "userns-volumes-test-" + string(uuid.NewUUID())
configMap := newConfigMap(f, name) configMap := newConfigMap(f, name)